app-containers/buildah: add 1.34.1

security fixes and some more features
https://github.com/containers/buildah/releases/tag/v1.34.1

Bug: https://bugs.gentoo.org/923650
Signed-off-by: Rahil Bhimjiani <me@rahil.rocks>
Closes: https://github.com/gentoo/gentoo/pull/35502
Signed-off-by: Zac Medico <zmedico@gentoo.org>

3 files changed, 127 insertions, 1 deletions

diff --git a/app-containers/buildah/Manifest b/app-containers/buildah/Manifest
index 9299c41640e4..3bae66fc7635 100644
--- a/app-containers/buildah/Manifest
+++ b/app-containers/buildah/Manifest
@@ -1,3 +1,4 @@
 DIST buildah-1.33.5.tar.gz 18579521 BLAKE2B a59bfda3dea1f588a2f77a26b942da6ae02a00f1169008f776a2d7699b6b14f38ab29b46b7d0651e9fff3f007e5f95caed99952cc7585c25ea2a3153402958e9 SHA512 82ddfacd69918fb4ca8110d7d5279f4075385e5db5b64b58cf41a90c47e16093f1e65d8ef20136a4cd8f5c23ea8da7f35fb72581cec6472497b9c5b458023e9c
 DIST buildah-1.33.6.tar.gz 18585405 BLAKE2B 4a6f6ebfce7799a45b0984b6f9a319becfed87d5acf5f1f784249ff6e5397495ac72c00a22ff0bcc68fd94f1d0a591fa4ac5f0f88bcc9c0a6cdefe117166b4ec SHA512 86eab18af459b0b92361d6e9f56ebe9dab65527d829e7771c13b6c574ef45746a7f53520783ff52978b14aac0d6ee8de32cdabf807666a96dcf46e07e36157e2
 DIST buildah-1.34.0.tar.gz 18751419 BLAKE2B 6584c5234e849f9b8cde5e4188791024c8ac5c0ba85859e289f3eb2ec32f97f722ebf25f1291f29e14edf4adc14e19d6a6a76630c820085e9f345736aeb3d4eb SHA512 a3836ce540058f418131969e157d548864727398535e4e99a693d883419b8d764da7166f9b9376c2b9686d8beac101687843c2e93198b16328ef333ad96d55db
+DIST buildah-1.34.1.tar.gz 18838539 BLAKE2B de11f64a54fa24c8aa543dd44e6a3fca9df62eecf39541fa37c22a2dc64560d056f638a6b1f8aa564a09f0594a5e7150ef14fd9ab8cc61390dc6d7d8afa5545b SHA512 2d229ead1149b66d1b7d91f596809e97e5316356ab0997ea335eb3e246ed8bc6879e0e260bb478b4d7ec7c42c7dbf33d0e91086a34e89a3b79eb27322da06c1e
diff --git a/app-containers/buildah/buildah-1.34.1.ebuild b/app-containers/buildah/buildah-1.34.1.ebuild
new file mode 100644
index 000000000000..d5fd4e7a796e
--- /dev/null
+++ b/app-containers/buildah/buildah-1.34.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module linux-info
+
+DESCRIPTION="A tool that facilitates building OCI images"
+HOMEPAGE="https://github.com/containers/buildah"
+
+# main pkg
+LICENSE="Apache-2.0"
+# deps
+LICENSE+=" BSD BSD-2 CC-BY-SA-4.0 ISC MIT MPL-2.0"
+
+SLOT="0"
+IUSE="apparmor btrfs +seccomp systemd doc test"
+RESTRICT="test"
+EXTRA_DOCS=(
+	"CHANGELOG.md"
+	"CONTRIBUTING.md"
+	"install.md"
+	"troubleshooting.md"
+	"docs/tutorials"
+)
+
+if [[ ${PV} == 9999* ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/containers/buildah.git"
+else
+	SRC_URI="https://github.com/containers/buildah/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm64"
+fi
+
+RDEPEND="
+	systemd? ( sys-apps/systemd )
+	btrfs? ( sys-fs/btrfs-progs )
+	seccomp? ( sys-libs/libseccomp:= )
+	apparmor? ( sys-libs/libapparmor:= )
+	app-containers/containers-common
+	app-crypt/gpgme:=
+	dev-libs/libgpg-error:=
+	dev-libs/libassuan:=
+	sys-apps/shadow:=
+"
+DEPEND="${RDEPEND}"
+
+pkg_pretend() {
+	local CONFIG_CHECK=""
+	use btrfs && CONFIG_CHECK+=" ~BTRFS_FS"
+	check_extra_config
+
+	linux_config_exists || ewarn "Cannot determine configuration of your kernel."
+}
+
+src_prepare() {
+	default
+
+	# ensure all  necessary files are there
+	local file
+	for file in docs/Makefile hack/libsubid_tag.sh hack/apparmor_tag.sh \
+		hack/systemd_tag.sh btrfs_installed_tag.sh btrfs_tag.sh; do
+		[[ -f "${file}" ]] || die
+	done
+
+	sed -i -e "s|/usr/local|/usr|g" Makefile docs/Makefile || die
+	echo -e '#!/usr/bin/env bash\necho libsubid' > hack/libsubid_tag.sh || die
+
+	cat <<-EOF > hack/apparmor_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex apparmor 'echo apparmor' echo)
+	EOF
+
+	use seccomp || {
+		cat <<-'EOF' > "${T}/disable_seccomp.patch"
+		 --- a/Makefile
+		 +++ b/Makefile
+		 @@ -5 +5 @@
+		 -SECURITYTAGS ?= seccomp $(APPARMORTAG)
+		 +SECURITYTAGS ?= $(APPARMORTAG)
+		EOF
+		eapply "${T}/disable_seccomp.patch" || die
+	}
+
+	cat <<-EOF > hack/systemd_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex systemd 'echo systemd' echo)
+	EOF
+
+	echo -e "#!/usr/bin/env bash\n echo" > btrfs_installed_tag.sh || die
+	cat <<-EOF > btrfs_tag.sh || die
+	#!/usr/bin/env bash
+	$(usex btrfs echo 'echo exclude_graphdriver_btrfs btrfs_noversion')
+	EOF
+
+	use test || {
+		cat <<-'EOF' > "${T}/disable_tests.patch"
+		--- a/Makefile
+		+++ b/Makefile
+		@@ -54 +54 @@
+		-all: bin/buildah bin/imgtype bin/copy bin/tutorial docs
+		+all: bin/buildah docs
+		EOF
+		eapply "${T}/disable_tests.patch" || die
+	}
+
+}
+
+src_compile() {
+	# For non-live versions, prevent git operations which causes sandbox violations
+	# https://github.com/gentoo/gentoo/pull/33531#issuecomment-1786107493
+	[[ ${PV} != 9999* ]] && export COMMIT_NO="" GIT_COMMIT=""
+
+	default
+}
+
+src_test() {
+	emake test-unit
+}
+
+src_install() {
+	emake DESTDIR="${ED}" install install.completions
+	einstalldocs
+	use doc && dodoc -r "${EXTRA_DOCS[@]}"
+}
diff --git a/app-containers/buildah/buildah-9999.ebuild b/app-containers/buildah/buildah-9999.ebuild
index 4b4a54c71ba9..d5fd4e7a796e 100644
--- a/app-containers/buildah/buildah-9999.ebuild
+++ b/app-containers/buildah/buildah-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8